[Buildbot-devel] How to not run as root?

Brian Warner warner-buildbot at lothar.com
Mon Nov 8 09:39:24 UTC 2004 

> I don't know Twisted at all, so forgive me if this is an obvious question.

No worries.. having the 'twistd' launcher-program change uids for you is one
of the weirder parts, so very little about it is obvious :).

> I am setting up BuildBot, but I want both the master and slaves to run 
> as a specific user: primarily for security reasons, but also because the 
> build/test process need to run as a certain user acount.

Sounds good. Nothing about the buildbot itself requires any particular user
to run, but of course your build process will have its own requirements.
There's no reason why it should need root privileges.

> However, if I try running the master with:
> 
> $ su buildbot -c 'buildbot start .'

> "/usr/local/lib/python2.3/site-packages/twisted/scripts/twistd.py", line 
> 134, in shedPrivileges
>      switchUID(uid, gid, euid)
>    File "/usr/local/lib/python2.3/site-packages/twisted/python/util.py", 
> line 605, in switchUID
>      setgid(gid)
> OSError: [Errno 1] Operation not permitted

Curious.. I haven't seen this problem before. My hunch is that the .tap file
was created by a different user (i.e. 'buildbot master' was run by one user,
but 'buildbot start' is being run by a different one), and twistd is trying
to switch back to that userid when it starts, and switching userids requires
root privileges. This would be annoying, and the brief testing I just did
suggests that it's probably something else, but it's worth a shot doing both
the 'buildbot master' and the 'buildbot start' as the same user.

Usually, when the buildbot is to be run as a different user than I'm
currently under, I use sudo:

% sudo -u buildbot buildbot start path/to/buildmaster

It's conceivable that basic 'su' might behave slightly differently (how do
they handle euid vs uid, for example?).

And for long-term use, I usually set up a '@reboot' cronjob from the target
user's account to start the buildbot at each reboot. The goal of the new
debian packaging is to make a proper /etc/init.d/ script to start all system
buildbots, but that hasn't received a whole lot of testing yet, so I wouldn't
be surprised if there are some problems.

Let me know if running both commands as the same users helps or not.. if not,
I'll try to reproduce the problem here. What version of Twisted are you
using?

good luck,
 -Brian

More information about the devel mailing list